Personal data stolen from health insurer, now someone’s using it

A spike in the number of fraudulent state income tax returns filed in Connecticut has led some Anthem Blue Cross and Blue Shield customers to believe that it is the result of the massive data breach the insurer revealed in early February.

Officials with state Attorney General George Jepsen’s office acknowledge they have seen an increase in the number of people who are Anthem customers now reporting that fraudulent tax returns have been filed using their names and other personal information. The Anthem customers believe the fraudulent tax returns are a direct result of the personal information that was taken via the data breach.

But Robert Blanchard, deputy director of communications for Jepsen, said that because of “the number and variety of recent data breaches that have occurred, we cannot pinpoint the origin of the potential identity theft.”

“Because of the scope and number of individuals recently affected by large breaches such as Anthem or Target, it is easy for an overlap to occur,” Blanchard said. “We encourage all Anthem consumers that believe their identity has been comprised to enroll in All-Clear identity theft protection that has been offered by Anthem and contact the Internal Revenue Service as well as the Connecticut Department of Revenue Service if they believe a false return has been filed in their name.”

Sarah Kaufman, a spokeswoman with the Department of Revenue Services, said the increase in fraudulent state tax returns being filed “is quite significant.” But Kaufman said the agency has stepped up the levels of screening it uses to detect whether a return that has been filed is fraudulent.

“Last year, the level of fraudulent tax returns that we were successful in uncovering and preventing refund checks from being issued was $5 million,” she said. “This year, it has already exceeded $12 million and we are being delayed in issuing refunds because of the volume levels that we are screening.”

Kaufman declined to specify what types of screening methods the agency uses in looking for fraudulent state tax returns. But she agreed with Blanchard that it is impossible to draw a direct correlation between the Anthem data breach and the spike in fraudulent tax returns.

“Information from people who used Turbo Tax software has been compromised as well,” she said of another data breach that was discovered earlier this year. “We live in an age of identity theft.”

Kaufman said that if the Department of Revenue Services has any questions about whether a state tax return is fraudulent, it will send a letter to an individual taxpayer on agency letterhead and will not issue a refund until it is completely certain of the identity of the person to whom it is sending the money.

Anthem has said the cyber attack could affect as many as 80 million people across the U.S and the insurer has 1.14 million customers in Connecticut. The company, which is based in Indianapolis, has its Connecticut headquarters in Wallingford.

Scott Golden, an Anthem spokesman, said the company, working with the Federal Bureau of Investigation, has “found no evidence that the cyber attackers have shared or sold any of our members’ data.”

“There is no evidence that fraud has occurred against our members, including fraudulent tax returns, for example,” Golden said in a statement issued Thursday.

Officials with the Internal Revenue Service and the FBI were not available for comment Thursday on whether a similar spike in level of fraudulent federal income tax returns also has become evident.